AppSec metrics fail, Mend.io’s Risk Reduction Dashboard fixes it
Today, we’re introducing our Risk Reduction Dashboard. This is a new way for security leaders to quantify their AppSec...
application security
Fixing Vulnerabilities Directly in your IDE with Escape MCP
Every developer knows the scenario: you're deep in flow, building features, when a security team ticket with a critical...
OWASP Top 10 for 2025: What’s New and Why It Matters
In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright,...
Why API Security Will Drive AppSec in 2026 and Beyond
The way software is built is being rewritten in real-time. Large language model (LLM) integration, agents and model context protocol (MCP) connection turn a simple app...
Best Application Security Testing Services to Know
Application Security Testing (AST) services use automated tools and manual techniques to find and fix security vulnerabilities in software,...
The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM
When Twilio announced its acquisition of Stytch yesterday (on October 30, 2025), it sent ripples through the developer community....
Methodology: How we discovered over 2k high-impact vulnerabilities in apps built with vibe coding platforms
Hey there, With Halloween around the corner, what’s scarier for organizations than vulnerabilities in their web applications? And it's...
OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk?
How trending are mobile apps? Statistics say that mobile apps are now a part of 70% of the digital...
October Patch Tuesday Fails Hard — Windows Update Considered Harmful?
Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.Microsoft’s Windows security update rollup is badly buggy this...
Differences Between Secure by Design and Secure by Default
Introduction: The Rising Importance of Proactive Security Okay, so, proactive security – it's kinda a big deal now, right? I...
Qualys ROCon: From SOC To Roc, Evolving To Agentic Risk Surface Management
Global sales SVP at Qualys Shawn O’Brien kicked off the company’s Qualys ROCon 2025 event this week in Houston, Texas....
#Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board
Researchers discover a new way to steal secrets from Android apps.Anything any Android app can display is vulnerable to the Pixnapping...
#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.Redis (Remote Dictionary Server) and its open source fork Valkey share a...
The Vision Behind Mend.io’s Recognition
The software security landscape is evolving faster than ever, and AI is accelerating this change. As generative and embedded AI...
As Hardware, API and Network Vulnerabilities Rise, Defenders Rethink Strategies
Hardware, API and network vulnerabilities have soared in the last year, according to new research by Bugcrowd. And not surprisingly,...
